Wrike Privacy Policy
Last updated February 9, 2024.
Wrike Privacy Policy
Last updated February 9, 2024.
Where indicated, this Privacy Policy applies to Service Data. We do not control the content of Service Data, and, because of security features in the Platform, in most cases we are unable to read such content. Under the GDPR and similar laws, Wrike is considered the Customer’s Processor of any Personal Data in the Service Data.
Wrike Processes Personal Data in the Service Data pursuant to the instructions of the relevant Customer or as required by applicable law, as described in the Wrike Terms of Service at https://www.wrike.com/security/terms or the alternative agreement (if applicable) signed by Wrike and that Customer for the Service Offerings. For any Workspace on the Platform, the relevant Customer is the one that Wrike authorizes to control the administrator account. Specifically, that Customer is the Controller for all information submitted by any User to that Workspace, including Regular Users, External Users, and Collaborators. The foregoing is true even when those Users happen to be employees of another Customer, as each Customer is a Controller of only its own Workspaces. Regular Users of a Workspace can find contact information for the relevant Customer’s administrator(s) by logging in to the Workspace and selecting “Profile”, then “Profile Settings”, and then “Account Information”. Other individuals may contact Wrike to ask Wrike to forward a request or inquiry to a particular Workspace’s administrator or designated contact point.
Wrike may disclose any Service Data, including certain deleted Service Data, or data previously received from deactivated Users, to the relevant Customer, and Wrike provides the Customer with certain tools for modifying, deleting or taking other steps with Service Data. Accordingly, Users and other individuals should contact the relevant Customer with any requests relating to Personal Data about them that may appear in that Customer’s Service Data. If Wrike receives a request from a User to exercise rights in Service Data, we will refer the User’s request to the relevant Customer and cooperate with that Customer’s handling of the request, subject to any special contractual arrangement with that Customer. For requests from Customer account administrators relating to their own Personal Data, Wrike may handle the request directly.
The Privacy Policy also applies to our handling of Personal Data that is not Service Data, such as Personal Data about:
However, this Privacy Policy does not cover any data we Process in the context of our own recruiting and human resources management activities.
Because we designed the Platform to be content- and data-agnostic, our Customers are empowered to provide us with any kind of Personal Data in the Service Data.
In addition to Service Data, we collect contact details, professional details such as title and name of company, information about the browsers and devices that individuals use to interact with us, information about an individual’s interactions with Wrike or our partners, payment information, and inferences drawn other Personal Data.
We obtain much of this data directly from the relevant individuals, including in some cases with the technology described in the “Cookies and Automated Data Collection” section further below. We also obtain Personal Data directly from our current or prospective Customers and from other third-party sources such as resellers, referral partners, distributors, list vendors and marketing companies, as well as from publicly available sources such as prospective Customers’ websites and third-party sites like LinkedIn.
Wrike uses Personal Data as follows:
We may combine data collected from you with other sources to help us improve the accuracy of our marketing and communications as well as to help expand or tailor our interactions with you. This includes combining Personal Data we obtain through online channels with information we obtain through offline channels, as well as other information (such as referral programs), for the purposes described above. We may anonymize or aggregate personal information and use it for the purposes described above and for other purposes to the extent permitted by applicable law. We also may use Personal Data for additional purposes that we specify at the time of collection. We will obtain your consent for these additional uses to the extent required by applicable law.
We share Personal Data as follows:
For those purposes, we may share information with:
The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to use or disclose your Personal Data. To the extent those laws apply, our legal grounds for Processing Personal Data are as follows:
In our websites, apps and emails, we and third parties may collect certain information by automated means such as cookies, Web beacons, JavaScript, chatbots, mobile device functionality, browser-based or plugin-based local storage such as HTML5 storage or Flash-based storage, and other similar techniques and technologies.
This information includes unique browser identifiers, unique device identifiers such as the Apple Advertising Identifier or Android Advertising ID, IP address, browser and operating system information, geolocation, other device information, Internet connection information, as well as details about individuals’ interactions with our apps, websites and emails, including interactions with and information provided to our chatbots. Such details include, for example, the URL of the third-party website from which you came, the pages that you visit on our websites, and the links you click on in our websites.
As part of this, we and third parties may use automated means to read or write information on your device, such as in various types of cookies and other local storage. Cookies and local storage are files that can contain data, such as unique identifiers or other information, that we or a third party may transfer to or read from an individual’s device for the purposes described in this Privacy Policy.
The cookies and other technologies described here fall into four basic categories:
To learn more about interest-based advertising, including how to opt out from the targeting of interest-based ads by some of our current ad service partners, visit aboutads.info/choices, youradchoices.ca or youronlinechoices.eu from each of your browsers on each of your devices. You can opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page and installing the Google Analytics Opt-out Browser Add-on from each browser on each device. If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. Please visit your mobile device manufacturer's website, or the website for its operating system, for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
You may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent. Some browsers offer similar settings for HTML5 local storage, and Flash storage can be managed as described here.
All Users can:
Controls related to cookies and other automated data collection are described in the “Cookies and Automated Data Collection” section above. Anybody can unsubscribe from marketing emails by clicking the unsubscribe link they contain.
Residents of the European Economic Area, the UK, and many other jurisdictions have certain legal rights to do the following with Personal Data we control:
Residents of the European Economic Area, the UK, and Switzerland also have certain rights under the Data Privacy Framework, as described in the “International Data Transfers” section below.
To exercise any of those rights with respect to the Personal Data Wrike controls, individuals should contact us as described at the end of this Privacy Policy.
To exercise any rights relating to Service Data, Users should contact the relevant administrator for the Workspace associated with the Service Data, not Wrike. Regular Users of a Workspace can find contact information for the relevant Customer’s administrator(s) by logging in to the Workspace and selecting “Profile”, then “Profile Settings”, and then “Account Information”. Other individuals may contact Wrike to ask Wrike to forward a request or inquiry to a particular Workspace’s administrator or contact point. If you are a Customer account administrator or Customer account owner and require assistance with this process, such as if you want to make a request with respect to your own User data, you may contact us as described below.
Many of the rights described above are subject to significant limitations and exceptions under applicable law. For example, objections to the Processing of Personal Data and withdrawals of consent typically will not have retroactive effect.
Every individual also has a right to lodge a complaint with the relevant supervisory authority.
To provide security for Service Data within the Platform, we maintain physical, organizational, and technical safeguards, which are subject to periodic changes. The specific Platform security options available to Customers depend on their Platform Plan. Customers’ use of available safeguards will impact the level of protection available for the Service Data. Communications with Wrike through other methods such as email or phone are not subject to those protections. Third-party software and services integrated into our Service Offerings, such as Google Drive, Box, Dropbox, and other integrations are handled by such third parties subject to their own privacy and security procedures, which we do not control.
Wrike's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements stated therein.
We use different safeguards to help secure the other Personal Data we handle.
No security method is perfect, and we cannot guarantee that any data will remain secure.
We hold Personal Data for as long as necessary to fulfill the purposes set forth in this Privacy Policy. Information may persist in copies made for backup and business continuity purposes for additional time.
We are headquartered in the United States, and recipients of the data disclosures described in this Privacy Policy are located in the United States and elsewhere in the world, including where privacy laws may not provide as much protection as those of your country of residence. However, eligible Customers can arrange to have their Workspaces stored in our data center located in the European Union.
Customers also may transfer Service Data to Wrike on the basis of legal mechanisms approved by the European Commission and other relevant authorities for cross-border data transfers. These include Standard Contractual Clauses, which may be used in conjunction with additional safeguards that Wrike offers, such as Wrike Lock (which allows Customers to access to their Wrike data while managing their own encryption keys) and other encryption and security features provided under our multiple information security certifications: ISO/IEC 27001:2013, SOC2 Type II, ISO/IEC 27018:2019, and Cloud Security Alliance STAR Level 2.
Wrike has certified that it adheres to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Wrike, Inc. has certified to the U.S. Department of Commerce that it adhered to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Wrike has certified to the U.S. Department of Commerce that it adheres to Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is a conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The following statements apply to all EEA, UK, and Swiss Personal Data that is received by Wrike in the United States pursuant to the DPF:
When Wrike receives Personal Data under the DPF and then transfers it to a third-party service provider acting as an agent on Wrike’s behalf, Wrike has certain responsibility under the DPF if both (i) the agent Processes the information in a manner inconsistent with the DPF, and (ii) Wrike is responsible for the event giving rise to the damage.
Covered European residents should direct any questions, concerns, or complaints regarding Wrike’s compliance with the DPF to Wrike as described at the bottom of this Privacy Policy. Wrike will attempt to answer your questions and satisfy your concerns in a timely and complete manner as soon as possible. If, after discussing the matter with Wrike, your issue or complaint is not resolved, Wrike has agreed to participate in the DPF independent dispute resolution mechanisms listed below, free of charge to you. Please contact Wrike first.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.
Wrike makes its own international transfers of personal data. To exercise any legal right to see copies of the data transfer mechanism documents that Wrike uses to transfer data to third parties, please contact us. Our Service Offerings allow our Customers and Users to make international data transfers to third parties, such as to other Users, or to providers of integrations, for which they are solely responsible.
Wrike may change this Privacy Policy to reflect changes in the law, our data handling practices, or the features of our business. The updated Privacy Policy will be posted on Wrike.com.
If you have questions, requests, or complaints relating to a Customer’s handling of your Service Data, please contact the relevant Customer. If you have questions regarding our practices or this Privacy Policy, or to send us requests or complaints relating to Personal Data, please contact us at:
Wrike, Inc.
Attention: Legal and Compliance
9171 Towne Centre Drive, Suite 200
San Diego, CA, 92122
[email protected]
The subsections below apply only to “personal information” about California residents (as that term is defined in the CCPA) and they supplement the information in the rest of our Privacy Policy above. Data about individuals who are not residents of California is handled differently and is not subject to the same rights described below. These subsections also do not apply to Service Data (defined above), which is handled as described in Section 2 of our Privacy Policy, even when the Service Data is about a resident of California.
The specific pieces of personal information we collected in the last 12 months generally fall into the following categories under California law, to the extent that any of the following are personally identifiable: identifiers (such as name, address, email address and other contact information); commercial information (such as transaction data, and information about an individual’s interactions with Wrike or our partners); financial data (such as payment card information); audio and visual information (such as recordings of certain calls, meetings, and events); internet or other network or device activity, and other information described in the Cookies and Automated Data Collection section of our Privacy Policy; geolocation information; professional or employment related data (such as title); other information that identifies or can be reasonably associated with you, and inferences drawn from any of the above.
In the twelve months leading up to the effective date of this Privacy Policy, Wrike used the personal information as follows:
CCPA “sale” of California personal information
The CCPA requires businesses that “sell” personal information, as the term “sell” is defined under the CCPA, to provide an opt-out from such sales. Some people have taken the position that when a website or app uses third-party cookies and similar technology for its own analytics or advertising purposes, the website/app is engaged in a “sale” under the CCPA if the third parties have some ability to use, disclose or retain the data to improve their service or to take steps beyond the most narrowly drawn bounds of merely providing their service to the website/app. Some take this position even when the website/app pays the third party (not vice versa), and in most cases merely provides the third party with an opportunity to collect data directly, instead of providing personal information to the third party. If you take the position that any of the relationships described above involve a “sale” within the meaning of the CCPA, then you may consider Wrike to have “sold” what the CCPA calls “identifiers” (like IP addresses), “internet or other electronic network activity information” (like information regarding an individual’s browsing interactions on wrike.com), and “commercial information” (like the fact that a browser visited a page directed to people who are considering purchasing from us) to marketing and analytics companies. As we await clarity on this point and, if applicable, the arrival of a proven method for handling CCPA-like choice options for it, we continue to offer opportunities to limit and/or opt out of the collection and/or use of data via certain third-party cookies and similar technology for analytics and advertising purposes, as described in the Cookies and Automated Data Collection section of our Privacy Policy. In any case, no matter how “sale” is defined, Wrike has no actual knowledge of selling the personal information of individuals under 16 years of age.
Collection and Disclosure of California Personal Information During Past 12 Months
The chart below provides more detail on our disclosures of California personal information during the 12 months leading up to the effective date of this Privacy Policy:
Category of personal information collected | Categories of third parties to which it was disclosed for a business purpose |
Identifiers, such as name, username, email address, phone number, address, IP address | Affiliates, data storage and backup providers, marketing service providers, customer relationship management providers, accounting providers, technical service providers, payment processors, and marketing and analytics companies; and entities involved in legal-related matters with Wrike. |
Professional or employment-related information, such as title | Same as first row |
Commercial information, such as information provided to us in your communications (some of which is personal information), transaction data, and information about interactions with Wrike or our partners | Same as first row |
Financial information such as payment card number | Payment processors |
Audio and visual information | Same as first row |
Internet or other electronic network activity information, such as technical data about a device and information about a device’s interactions with our website | Same as first row, with the exception of payment processors |
California Privacy Rights
If you are a California resident, California law may permit you to request that we:
Certain information is exempt from such requests under applicable law. You also may have the right to receive information about the financial incentives that we offer to you (if any). You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights.
We will take steps to verify your identity before responding to your request, which may include requesting that you respond to an email that we send to you, or otherwise verifying your name, email address or other information that will help us to confirm your identity.
If you are an agent making a request on behalf of a consumer, you must verify that you are authorized to make that request, which may include requiring you to provide us with written proof that satisfies CCPA requirements, such as an appropriate letter signed by the consumer or a power of attorney. We also may require the consumer to verify their identity directly with us.
To request to exercise any of these rights, please visit https://www.wrike.com/contactus/ and click “Privacy” on the drop-down.
Enterprise Grade Security
If you have any security questions and concerns, please contact our team, and they will provide you with additional security artefacts and external reports confirming our security maturity.